[arrl-odv:32014] IMPORTANT: Update on arrl.org

Here's a "while it's happening" report regarding our website:
I experienced an adware pop-up on Friday night with our HamCation video. I had Bob and Kathleen immediately begin to dig into why it might be happening.
As of today noon, the only thing we can ascertain is that it is one specific image related to ARRL At Home from iPhone using Safari. We have tried many other OS/browser combinations and it doesn't happen.
We reached out to Fathom for ideas - they are out-of-business on websites.
We reached out to Rackspace. Their security team did a deep dive on our site and found nothing.
Because the event is over, I directed Bob to delete the image from rotation on our homepage and the ARRL At Home page itself from the website. It's possible it has something to do with embedded links to YouTube, but I doubt it.
There are some other things that came to light that will now further my inability to sleep at night. I can't believe the website has gone so many years without being properly dealt with.
We will be reaching out to website security specialists with the intention to hire one and perform a deep dive on the website. I just quietly did that on our internal infrastructure and as you'd imagine the results were not great.
If you have suggestions, please respond off list to me directly.
Thanks.
David

Hi David, This has been a recurring problem and the last time I brought it to the attention of staff (via Barry Shelley) they couldn't reliably reproduce it. ODV couldn't either. However it still persists.
From past experience, this seems to be malvertising. Sometimes a malicious ad will slip by the diligence of ad providers. We've experienced this at FoxBusiness a few times, but quickly swatted it down. There is little you can do other than removing ads from the page or reporting it to the ad network.
Getting rid of Adobe Flash from the Internet will go a long way to reducing the incidences of it (thanks, Steve Jobs!) but there are always new vectors.
Good luck in the hunt. =)
73
Ria, N2RJ
On Sun, Feb 14, 2021 at 8:05 PM Minster, David NA2AA (CEO) <dminster@arrl.org> wrote:

We were able to rapidly narrow it down to one OS, one browser, and one image / link. It is still not clear how it is manifesting itself within them, but we have them on a backup for a security firm to look at.
Another issue (do they ever end?) I have been working on is our bulk e-mail service challenges. Again, something we've tried to manage the ongoing fight with internal staff on. We have a new service that marketing is using and that's where I immediately focused when I saw this Friday night. That was a dead end, but was an important dead end to help get focused on where the real threat was hiding.
David
-----Original Message-----
From: rjairam@gmail.com <rjairam@gmail.com>
Sent: Sunday, February 14, 2021 8:52 PM
To: Minster, David NA2AA (CEO) <dminster@arrl.org>
Cc: arrl-odv <arrl-odv@arrl.org>
Subject: Re: [arrl-odv:32014] IMPORTANT: Update on arrl.org

Fathom was perhaps the single biggest mistake the league has ever made. We have fought stupid code, inability to change things, and flat out going backwards in what we had prior to them from a SM, and I have to assume ODV, perspective. I know, we can not change the past but they SUCK.
And now you all know how I feel about that.
Any SM from that time period will validate my opinion, and some of you here now can as well.
Thanks, David, for jumping in feet first and working to resolve this.
Mark, HDX
On Sun, Feb 14, 2021 at 5:05 PM Minster, David NA2AA (CEO) <dminster@arrl.org> wrote:

Mark, I am disappointed that you are so shy that you find it difficult to express your true feelings. 😁
Fathom may not be the League's biggest mistake; but it is in the top tier.
The two times the Board was told the ARRL was hacked (note that I said "was told") were due to IT failures to have updated the Apache server software.
John Robert Stratton
N5AUS
Director
West Gulf Division
Office:512-445-6262
Cell:512-426-2028
P.O. Box 2232
Austin, Texas 78768-2232
On 2/14/21 8:09 PM, Mark J Tharp wrote:

Fathom is the name of a company that coded a custom content management system for ARRL because we are unique and special and could never use off the shelf standardized software. It has also become synonymous with our website software stack.
Deciding that we would build our own content management system was a monumental mistake in judgement. It has tied us to aging software, not the least of which is an ancient version of Firefox that is required for making any content changes to the system. Upgrades to every underlying part of the system are impossible because we are so many versions back. And that IT decided to “wash their hands” of website support has further exacerbated the situation.
I was hopeful that we could ‘kick the can’ down the road for a year or two to deal with some of those other systems issues that would take others only 24 hours to address and fix. It would seem that the website needs more urgent attention, especially depending on what the feedback is from the security consultant.
I will keep you informed as we move forward and will be reaching out to our board IT gurus for their assistance.
David
From: Mark J Tharp <kb7hdx@gmail.com>
Sent: Sunday, February 14, 2021 9:09 PM
To: Minster, David NA2AA (CEO) <dminster@arrl.org>
Cc: arrl-odv <arrl-odv@arrl.org>
Subject: Re: [arrl-odv:32014] IMPORTANT: Update on arrl.org
participants (4)
- John Robert Stratton
- Mark J Tharp
- Minster, David NA2AA (CEO)
- rjairam@gmail.com